We take pride in protecting the information that our healthcare partners rely on to accomplish their life-sustaining and life-saving missions.


Critical Informatics has a proven record of protecting the patient data and networks of a variety of healthcare organizations and the business associates that serve them. We begin our healthcare partnerships by developing a plan that targets three basic goals: data security and privacy, continuity of operations, and regulatory compliance. To achieve these goals, we use a combination of Managed Detection and Response (MDR) and Information Security Consulting, which uncover, and then shore up, cybersecurity gaps and weaknesses. These services also provide the basis for monitoring healthcare information infrastructure and access to electronic Protected Health Information (ePHI) through a fiscally responsible Managed Security Service (MSS) and executive IT Security communication strategies.

Critical Informatics is compliant with HIPAA, has internal controls and policies aligned with the requirements of the statute, and will sign a HIPAA business associate agreement when needed.

– Tom Hornburg, Chief Information Officer MGH&FC

Managed Detection and Response

Our Managed Detection and Response (MDR) service provides health sector organizations with accurate security monitoring and rapid incident response. We combine unique detection analytics with deep human expertise to detect, investigate, confirm, respond to, and recover from a data compromise and prevent it from becoming a major breach. Critical Informatics helps hospitals, clinics, research organizations, device manufacturers and healthcare business associates meet their mission in a world of quickly evolving threats.

Utilizing elastic scalability, machine learning, and advanced data indexing algorithms, we are limited only by the amount of data you can provide to us. We grow as large as we need to be, and we do not lose processing capabilities as we scale. Our machine learning approach allows Critical Insight to become continuously more powerful, more accurate, and faster as data is ingested and processed.

Our promise to you is to only provide actionable alerts, not false positives. Our security experts investigate each incident to confirm which are true threats. Once confirmed, the analyst prepares and communicates a customized Incident Action Plan (IAP) and interfaces with your staff in a pre-designed incident response process to quickly address the compromise. Incidents are addressed quickly so that actual damage and loss are averted or minimized. This process eliminates false positives and gives you an actionable plan for confirmed threats.

The availability of full packet capture at the collector allows our analysts to “replay” events under investigation for 100% incident confirmation and 0 false positives while ensuring only incidental access to sensitive information. Once an incident has been confirmed, we can go “back in time” and determine if any other compromises occurred prior. We can replay all that happened, often down to the mouse-click.

Contact us to learn more about integrating our MDR Service into your Cyber Security strategy.

Information Security Consulting

The Health Insurance Portability and Accountability Act (HIPAA) requires compliance with privacy and security rules, along with periodic assessments for meaningful use of Electronic Health Records (EHR). In addition to our Managed Security Services, we offer our healthcare partners a full set of cybersecurity consulting services that ensure regulatory compliance. These services include:

Contact us to learn more about how our Healthcare Cyber Security Consulting can help protect your patients’ data and ensure your organization remains in compliance.

Our healthcare team is led by Fred Langston.

Fred Langston, CISSP, CCSK, has decades of experience in information security and compliance consulting for Healthcare Payers, Providers, Clearinghouses and HIPAA Business Associates. His history in healthcare security began in 1988 when he participated in the working group that drafted the HIPAA Proposed Security Rule. That same year, he also delivered one of the first-ever HIPAA Security Risk Assessments. He has since chaired the HIMSS Security sessions in 2003 and 2004, and presented the seminal compliance paper, The Unified Approach to Compliance, at HIMSS 2004 as the security keynote speaker, a part of the Risk Management Alliance. Fred has also served as the leader of the HITRUST Compensating Controls committee.

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.